Closed
Description
See comments here.
There is no python-zstandard package on PyPI which makes this a security issue because a bad actor can claim that name and publish a malicious package. I believe this should really point to just zstandard.
Also, even if just for the sake of checking installation, it would be great if this is actually covered by CI, ie checking that installing all the extras works without blowing up.